sync: stage to production (#1628)

sync-branches: New code has just landed in stage, so let's bring
production up to speed!

Author: kovayur

.github/pull_request_template.md

@@ -20,6 +20,6 @@
 ```
 # To run tests locally run:
 make db/teardown db/setup db/migrate
-make ocm/setup OCM_OFFLINE_TOKEN=<ocm-offline-token> OCM_ENV=development
+make ocm/setup
 make verify lint binary test test/integration
 ```

.github/workflows/ci.yaml

@@ -54,9 +54,7 @@ jobs:
     name: "Verify & Test"
     runs-on: ubuntu-latest
     env:
-      # TODO make sure that the secrets are configured for your repository
       OCM_ENV: integration
-      E2E: "true"
       # Dummy SSO variables
       SSO_CLIENT_ID: ${{ secrets.SSO_CLIENT_ID }}
       SSO_CLIENT_SECRET: ${{ secrets.SSO_CLIENT_SECRET }}
@@ -71,8 +69,6 @@ jobs:
       # Dummy Central TLS env variables
       CENTRAL_TLS_CERT: central_tls_cert # pragma: allowlist secret - dummy value
       CENTRAL_TLS_KEY: central_tls_key # pragma: allowlist secret - dummy value
-      # So that OCM secrets are initialised
-      DOCKER_PR_CHECK: true
       TEST_TIMEOUT: 30m
     services:
       postgres:
@@ -108,6 +104,15 @@ jobs:
           key: ${{ runner.os }}-go-${{ hashFiles('go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
+      - name: Go mod tidy
+        run: |
+          go mod tidy
+      - name: Clean and generate files
+        run: |
+          make clean/go-generated && make generate
+      - name: Test that there were no changes
+        run: |
+          git diff --exit-code
       - name: Setup tests secrets
         run: |
           make ocm/setup aws/setup redhatsso/setup centralcert/setup observatorium/setup secrets/touch
@@ -118,7 +123,7 @@ jobs:
           GOPATH=$(go env GOPATH)
           export GOPATH
           export PATH=${PATH}:$GOPATH/bin
-          make verify binary test
+          make verify binary test test/integration
         timeout-minutes: 14
   build-push-images:
     name: "Build and push fleet* images to quay.io"
@@ -138,6 +143,8 @@ jobs:
         uses: actions/checkout@v2
         with:
           fetch-depth: 0 # Critical for correct image detection in Makefile
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
       - name: Build and push fleet-manager-tools image to quay.io
         if: github.event_name == 'push'
         env:
@@ -146,4 +153,4 @@ jobs:
       - name: Build and push fleetshard-operator image to quay.io
         run: make image/push/fleetshard-operator
       - name: Build and push fleet-manager image to quay.io
-        run: make image/push/fleet-manager
+        run: make image/push/fleet-manager IMAGE_PLATFORM=linux/amd64,linux/arm64

.golangci.yml

@@ -42,7 +42,6 @@ linters-settings:
     includes:
     - G601
   revive:
-    min-confidence: 0
     rules:
       - name: blank-imports
       - name: context-as-argument
@@ -87,14 +86,13 @@ linters-settings:
     enabled-checks:
       - commentFormatting
   nolintlint:
-    allow-leading-space: false # require machine-readable nolint directives (i.e. with no leading space)
     allow-unused: false # report any unused nolint directives
     require-explanation: false # don't require an explanation for nolint directives
     require-specific: true # require nolint directives to be specific about which linter is being skipped
   staticcheck:
     go: "1.20"
     checks: [ all,-ST1000,-ST1001,-ST1003,-ST1005,-SA1019,-SA4001,-ST1016 ]
-  wrapcheck:
+  wrapcheck: {}
     # ignoreSigRegexps: uncomment to add ignore rules
 
 linters:
@@ -114,6 +112,7 @@ linters:
     # - gochecknoinits
     # - gocognit
     # - goconst
+    - ginkgolinter
     - exportloopref
     - gocritic
     # - gocyclo
@@ -146,7 +145,7 @@ linters:
     # - typecheck
     # - unconvert
     # - unparam
-    # - unused
+    - unused
     # - varcheck
     # - whitespace
     - wrapcheck

.openshift-ci/e2e-runtime/Dockerfile

@@ -11,7 +11,7 @@ COPY --from=quay.io/operator-framework/operator-sdk:v1.25 /usr/local/bin/operato
 
 ENV GOPATH=/go
 ENV GOROOT=/usr/local/go
-ENV PATH="/usr/local/go/bin:${PATH}"
+ENV PATH="${GOROOT}/bin:${PATH}"
 
 RUN ln -s /usr/bin/oc /usr/bin/kubectl
 

.openshift-ci/e2e-runtime/e2e_dockerized.sh

@@ -22,7 +22,6 @@ AWS_SESSION_TOKEN=$(aws configure get aws_session_token --profile=saml)
 FLEET_MANAGER_IMAGE=$(make -s -C "$GITROOT" full-image-tag)
 
 # Run the necessary docker actions out of the container
-preload_dependency_images
 ensure_fleet_manager_image_exists
 
 docker build -t acscs-e2e -f "$GITROOT/.openshift-ci/e2e-runtime/Dockerfile" "${GITROOT}"

.openshift-ci/tests/e2e-test.sh

@@ -19,11 +19,6 @@ fi
 up.sh
 
 log "Environment up and running"
-log "Waiting for fleet-manager to complete leader election..."
-# Don't have a better way yet to wait until fleet-manager has completed the leader election.
-$KUBECTL -n "$ACSCS_NAMESPACE" logs -l application=fleet-manager -c fleet-manager -f --tail=-1 |
-    grep -q --line-buffered --max-count=1 'started leading' || true
-sleep 1
 
 FAIL=0
 if [[ "$SKIP_TESTS" == "true" ]]; then

.secrets.baseline

@@ -333,7 +333,7 @@
         "filename": "e2e/e2e_test.go",
         "hashed_secret": "7f38822bc2b03e97325ff310099f457f6f788daf",
         "is_verified": false,
-        "line_number": 267
+        "line_number": 268
       }
     ],
     "fleetshard/pkg/central/cloudprovider/dbclient_moq.go": [
@@ -370,27 +370,27 @@
         "line_number": 983
       }
     ],
-    "pkg/client/fleetmanager/api_moq.go": [
+    "pkg/client/fleetmanager/mocks/client_moq.go": [
       {
         "type": "Secret Keyword",
-        "filename": "pkg/client/fleetmanager/api_moq.go",
+        "filename": "pkg/client/fleetmanager/mocks/client_moq.go",
         "hashed_secret": "44e17306b837162269a410204daaa5ecee4ec22c",
         "is_verified": false,
-        "line_number": 583
+        "line_number": 584
       },
       {
         "type": "Secret Keyword",
-        "filename": "pkg/client/fleetmanager/api_moq.go",
+        "filename": "pkg/client/fleetmanager/mocks/client_moq.go",
         "hashed_secret": "0ff50155b4f57adeccae93f27dc23efe2a8b7824",
         "is_verified": false,
-        "line_number": 584
+        "line_number": 585
       },
       {
         "type": "Secret Keyword",
-        "filename": "pkg/client/fleetmanager/api_moq.go",
+        "filename": "pkg/client/fleetmanager/mocks/client_moq.go",
         "hashed_secret": "5ce1b8d4fb9dae5c02b2017e39e7267a21cea37f",
         "is_verified": false,
-        "line_number": 593
+        "line_number": 594
       }
     ],
     "pkg/client/iam/client_moq.go": [
@@ -493,70 +493,70 @@
         "filename": "templates/service-template.yml",
         "hashed_secret": "13032f402fed753c2248419ea4f69f99931f6dbc",
         "is_verified": false,
-        "line_number": 522
+        "line_number": 524
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "30025f80f6e22cdafb85db387d50f90ea884576a",
         "is_verified": false,
-        "line_number": 522
+        "line_number": 524
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "355f24fd038bcaf85617abdcaa64af51ed19bbcf",
         "is_verified": false,
-        "line_number": 522
+        "line_number": 524
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "3d8a1dcd2c3c765ce35c9a9552d23273cc4ddace",
         "is_verified": false,
-        "line_number": 522
+        "line_number": 524
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "4ac7b0522761eba972467942cd5cd7499dd2c361",
         "is_verified": false,
-        "line_number": 522
+        "line_number": 524
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "7639ab2a6bcf2ea30a055a99468c9cd844d4c22a",
         "is_verified": false,
-        "line_number": 522
+        "line_number": 524
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "b56360daf4793d2a74991a972b34d95bc00fb2da",
         "is_verified": false,
-        "line_number": 522
+        "line_number": 524
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "c9a73ef9ee8ce9f38437227801c70bcc6740d1a1",
         "is_verified": false,
-        "line_number": 522
+        "line_number": 524
       },
       {
         "type": "Base64 High Entropy String",
         "filename": "templates/service-template.yml",
         "hashed_secret": "14736999d9940728c5294277831a702f7882dece",
         "is_verified": false,
-        "line_number": 559
+        "line_number": 561
       },
       {
         "type": "Secret Keyword",
         "filename": "templates/service-template.yml",
         "hashed_secret": "4e199b4a1c40b497a95fcd1cd896351733849949",
         "is_verified": false,
-        "line_number": 706,
+        "line_number": 708,
         "is_secret": false
       }
     ],
@@ -586,5 +586,5 @@
       }
     ]
   },
-  "generated_at": "2024-01-17T10:24:51Z"
+  "generated_at": "2024-01-25T17:36:32Z"
 }

Dockerfile

@@ -1,21 +1,25 @@
-FROM registry.ci.openshift.org/openshift/release:golang-1.20 AS build
+FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi8/go-toolset:1.20 AS build
 
+USER root
 RUN mkdir /src /rds_ca
 ADD https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem /rds_ca/aws-rds-ca-global-bundle.pem
-
 WORKDIR /src
+
+RUN go env -w GOCACHE=/go/.cache; \
+    go env -w GOMODCACHE=/go/pkg/mod
+
 RUN --mount=type=cache,target=/go/pkg/mod/ \
      --mount=type=bind,source=go.sum,target=go.sum \
      --mount=type=bind,source=go.mod,target=go.mod \
       go mod download -x
 
 COPY . ./
 
-ARG GOARCH
+ARG TARGETARCH
 
 RUN --mount=type=cache,target=/go/pkg/mod/ \
     --mount=type=cache,target=/go/.cache/ \
-    make binary GOOS=linux GOARCH=${GOARCH}
+    make binary GOOS=linux GOARCH=${TARGETARCH}
 
 FROM registry.access.redhat.com/ubi8/ubi-minimal:8.9 as standard
 

Dockerfile.tools

@@ -1,5 +1,5 @@
-FROM registry.ci.openshift.org/openshift/release:golang-1.20 AS build
-
+FROM registry.access.redhat.com/ubi8/go-toolset:1.20 AS build
+USER root
 RUN mkdir /src
 WORKDIR /src
 COPY . ./